[Bug 254375] New: VUL-0: kmail denial of service (crash)
https://bugzilla.novell.com/show_bug.cgi?id=254375 Summary: VUL-0: kmail denial of service (crash) Product: openSUSE 10.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: KDE AssignedTo: kde-maintainers@suse.de ReportedBy: meissner@novell.com QAContact: qa@suse.de CC: security-team@suse.de http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7139 Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=254375 ------- Comment #1 from dmueller@novell.com 2007-03-14 04:53 MST ------- this sounds like yet another duplicate of CVE-2006-6660. how often is this issue getting reported again? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=254375 ------- Comment #2 from meissner@novell.com 2007-03-14 10:39 MST ------- I have mailed the CVE maintainers. Did we fix this already for some distros? Then please duplicate to the respective bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=254375 ------- Comment #3 from dmueller@novell.com 2007-03-21 03:12 MST ------- no, we haven't fixed it for older distros except for SLE10-SP1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=254375 ------- Comment #4 from dmueller@novell.com 2007-03-21 03:13 MST ------- should we backport the respective patch? note that I'm not 100% sure yet which one causes it, it will need some bisecting. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=254375 dmueller@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |meissner@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=254375 ------- Comment #5 from meissner@novell.com 2007-03-22 07:18 MST ------- Do you know what distros are affected? I dont like kmail crashing, same as I dont like it for evolution. The mailer _must_ work and not die on random emails. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=254375 wstephenson@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Info Provider|meissner@novell.com |dmueller@novell.com ------- Comment #6 from wstephenson@novell.com 2007-03-29 08:59 MST ------- Dirk? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=254375 dmueller@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kde-maintainers@suse.de |dmueller@novell.com Status|NEEDINFO |ASSIGNED Info Provider|dmueller@novell.com | ------- Comment #7 from dmueller@novell.com 2007-03-30 06:37 MST ------- I'm bisecting the patches -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=254375 dmueller@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|dmueller@novell.com |security-team@suse.de Status|ASSIGNED |NEW ------- Comment #8 from dmueller@novell.com 2007-04-01 14:10 MST ------- only 10.1/SLE10 is affeced. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=254375 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dmueller@novell.com ------- Comment #9 from meissner@novell.com 2007-04-12 06:37 MST ------- do you need a SWAMPID or do you think that the SP1 fix is fine? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com